Managing Unattended Upgrades on Linux Servers

On some Linux distributions, such as Ubuntu, the unattended-upgrades feature is turned on by default. This means your servers might install patches automatically, outside your patching process.

To keep full control of patching within your own system, disable unattended upgrades.

  1. Check if Unattended Upgrades Is Enabled. Run:

    systemctl status unattended-upgrades

    • Active (running) - Unattended upgrades are enabled.

    • Inactive (dead) - Unattended upgrades are disabled.

    Check the configuration file:

      APT::Periodic::Update-Package-Lists "1";
      APT::Periodic::Unattended-Upgrade "1";

    If both values are "1", unattended upgrades are enabled.

  2. Disable Unattended Upgrades

    Remove the package:

    sudo apt remove unattended-upgrades

  3. Confirm It’s Disabled. Run:

    systemctl status unattended-upgrades

    You should see inactive or not found.
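
The checks in steps 1 and 3 can be scripted for use across many servers. The script below is an added example, not part of the original procedure. The function names apt_option and uu_config_state are hypothetical and SAMPLE is constructed input. It goes slightly beyond the "1" check above by treating any non-zero value as enabled, because the APT::Periodic values are intervals in days and "0" means off.

```shell
#!/bin/sh
# Added example: report whether APT's periodic unattended upgrade is switched on.
# Input: flat `Key "value";` lines, the format printed by `apt-config dump`.

# Print the value of one APT option from config text on stdin.
# The last assignment wins; prints "0" when the option is absent.
apt_option() {
    awk -v key="$1" '
        $1 == key { v = $2; gsub(/[";]/, "", v); found = v }
        END { print (found == "" ? "0" : found) }
    '
}

# Classify config text on stdin: "enabled" only when both periodic
# options are non-zero, otherwise "disabled".
uu_config_state() {
    cfg=$(cat)
    lists=$(printf '%s\n' "$cfg" | apt_option 'APT::Periodic::Update-Package-Lists')
    upgrade=$(printf '%s\n' "$cfg" | apt_option 'APT::Periodic::Unattended-Upgrade')
    if [ "$lists" != "0" ] && [ "$upgrade" != "0" ]; then
        echo enabled
    else
        echo disabled
    fi
}

# Constructed sample (not from a real host): a later line turns upgrades off.
SAMPLE='APT::Periodic "";
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Unattended-Upgrade "1";
APT::Periodic::Unattended-Upgrade "0";'

# On a Debian/Ubuntu host read the live configuration, else use the sample.
if command -v apt-config >/dev/null 2>&1; then
    echo "live config: $(apt-config dump | uu_config_state)"
else
    echo "sample config: $(printf '%s\n' "$SAMPLE" | uu_config_state)"
fi
# Service state as in steps 1 and 3; prints e.g. "active" or "inactive".
if command -v systemctl >/dev/null 2>&1; then
    echo "service: $(systemctl is-active unattended-upgrades 2>/dev/null || true)"
fi
```

A server is fully out of automatic patching when the config line reads "disabled" and the service line does not read "active".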